From the Real World: Concerned by #ebay privacy? Maybe you should be!

Before I begin – here’s the disclaimer bit. I have been a happy user of eBay for many, many years. I have bought and sold lots of stuff and have a 100% positive reputation in more than 500 transactions; I guess you could say I am the typical eBay user.

In December I was personally (and fortunately for the first time) exposed to the risks of being on-line and, more specifically, the risks associated with the trust we place in reputable platforms to do the right thing when it comes to the safety of their users.

eBay, a company we can trust to have the right controls and mechanisms in place to ensure that its users are safe from harm, right? eBay, a company we can rely on and feel secure in the knowledge that other users of their platform are reliable, trustworthy and safe to do business with, right?

Apparently not so much.

It turns out that if somebody wants to get your contact details with regards to a listing (in my most recent case a listing for a car) all they have to do is submit an offer against another Buy-It-Now listing you have and then request your details from the system.

So if somebody, for instance, wanted to try to make a deal outside of eBay to buy a car you were selling, all they would have to do is set up a new user and then exploit the hole by bidding on one of your other items and then following the “contact user” process. Apparently, according to eBay, the fact that they have bid (in this case £1 against an item listed Buy-It-Now for £50 with “Make an Offer” enabled) means we are in a “trading relationship”.

What a great little loophole.

In my recent case this resulted in a right proper bun-fight kicking off, as a car dealer that wanted to try and make a deal outside of eBay was able to get hold of my phone number at 10pm at night (which he then proceeded to call a number of times) and then rocked up at my house the following day, despite the fact the car had already sold (legitimately on eBay), and at one point threatened me if I didn’t sell the car to him instead of (it turns out) a rival car dealer who was the legit buyer.

What a frakking mess, all made possible by a gaping wide hole in the eBay process.

eBay’s view on this? [paraphrase] “it’s just how it works, but we’ll make a note of your complaint” - despite the detailed outline I provided to them of what had happened. Insult to injury? The offer on the original item was retracted 24 hours later. Why? “User no longer exists”. Hilarious.

Needless to say, I have now updated my details on eBay to be much harder to trace (using a virtual phone number), which totally negates the point of the phone contact and address details held for when people want to legitimately speak to me about transactions. In a way I am now exploiting the system’s loopholes (validation against users on eBay is epically lightweight after all) as a counterpoint to other loopholes. Maybe I’m part of the problem, not the solution?

The moral of this story? You can’t even trust the parts of the web that you should be able to trust.